diff options
| author | Oleksandr Byelkin <sanja@mariadb.com> | 2018-01-23 21:38:29 +0100 |
|---|---|---|
| committer | Oleksandr Byelkin <sanja@mariadb.com> | 2018-01-23 21:38:29 +0100 |
| commit | 6f78e6f98e470c874f691e130a5d74968af06063 (patch) | |
| tree | 198ae9d86eea5f56349dc6f495f424cc39bae742 /sql/sql_select.cc | |
| parent | a4663af05c1d1bd3abb537205df070ed2158e702 (diff) | |
| download | mariadb-git-bb-10.0-MDEV-14862.tar.gz | |
MDEV-14862: Server crashes in Bitmap<64u>::merge / add_key_fieldbb-10.0-MDEV-14862
It is backport of MySQL fix:
Bug #19434916: FATAL_SIGNAL IN ADD_KEY_EQUAL_FIELDS() WITH
UPDATE VIEW USING OUTER SUBQUERY
Issue:
-----
While resolving a column which refers to a table/view in an
outer query, it's respecitve item object is marked with the
outer query's select_lex object. But when the column refers
to a view or if the column is part of a subquery in the
HAVING clause, an Item_ref object is created. While the
reference to the outer query is stored by the Item_ref
object, the same is not stored in it's real_item.
This creates a problem with the IN-TO-EXISTS optmization.
When there is an index over the column in the inner query,
it will be considered since the column's real_item object
will be mistaken for a local field. This will lead to a
crash.
SOLUTION:
---------
Under the current design, the only way to fix this issue is
to check the reginfo.join_tab for a NULL value. If yes, the
query should not be worrying about the key use.
The testcase and comments added as part of the fix for
Bug#17766653 have been backported.
Diffstat (limited to 'sql/sql_select.cc')
| -rw-r--r-- | sql/sql_select.cc | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 3c2b62a6540..d0e5864ef6c 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -4362,7 +4362,19 @@ add_key_field(JOIN *join, Field *field, bool eq_func, Item **value, uint num_values, table_map usable_tables, SARGABLE_PARAM **sargables) { - uint optimize= 0; + uint optimize= 0; + + if (field->table->reginfo.join_tab == NULL) + { + /* + Due to a bug in IN-to-EXISTS (grep for real_item() in item_subselect.cc + for more info), an index over a field from an outer query might be + considered here, which is incorrect. Their query has been fully + optimized already so their reginfo.join_tab is NULL and we reject them. + */ + return; + } + if (eq_func && ((join->is_allowed_hash_join_access() && field->hash_join_is_possible() && |